Concealed Three-Dimensional Data Object for Multi Factor Authentication

This application is a divisional of U.S. application Ser. No. 18/198,571, filed May 17, 2023, which is a continuation-in-part of U.S. application Ser. No. 17/891,326, filed Aug. 19, 2022, the disclosures of which are incorporated herein by reference.

The present disclosure relates generally to electronic security, and more specifically, to the use of a mobile user device for authenticating and verifying a user's actual presence at a workspace at check-in and applying a predetermined profile for the configuration of hardware resources available to the workspace.

Organizations are increasingly adopting some form of hybrid hoteling model for its workforce in which workers dynamically schedule their use of onsite rooms. Centralized scheduling of these onsite rooms has traditionally been accomplished using an electronic reservation system having a calendar-based scheduling server to upload and/or download one or more aspects of availability data associated with a room. An electronic reservation system might be used to reserve an office or conference room, with the result being that others can access the reservation system to ascertain whether the room might be available for their own use.

Participants in an organization, that dynamically schedules onsite rooms, may interact with a reservation system using a scheduling device. For example, each room may have a dedicated scheduling device. Examples include scheduling touchscreens offered by Crestron Electronics, Inc. Of Rockleigh, N.J. Touchscreens can be installed outside of a room which can be programed to allow users to view the room availability, check the status of nearby rooms, and/or reserve a room for an ad hoc meeting simply by interacting the touch screen. Interacting with a reservation system can also be accomplished using a mobile user device (e.g., a mobile smartphone) running an approved software application.

101 1 FIG. Barcodes have become a known and widely accepted method for storing information. Their most popular use includes determining the price of an item at retail check-out counters. Other uses may also include item identification, detailed part information, serial number information, and inventory information. Commonly encountered barcodes are usually either one-dimensional or two-dimensional and are typically printed directly on an object's surface or on labels affixed to an object's surface. Barcodes are typically read by optical scanning techniques using countertop scanners, handheld wands, or mobile phone cameras. One-dimensional Barcodes typically comprise bars and spaces with bars of varying widths representing strings of binary ones and spaces of varying widths representing binary zeros. An example of a one-dimensional barcodeis shown in.

Two-dimensional barcodes have also become a known and widely accepted method for storing information. An example of a two-dimensional barcode is the data matrix code, which consists of black and white “cells” or dots arranged in either a square or rectangular pattern. One example of a two-dimensional barcode is the Quick Response code (QR-code.) A QR-code consists of black squares arranged in a square grid on a white background. Information such as a street address, telephone number, or web browser URL, for example, may be stored in a quick response (QR) code. A QR code may be readable by mobile phones with a camera, smart phones, computing devices, specialized scanners, and so on. The information encoded within the matrix barcode may be text, uniform resource indicator (URI), alphanumeric, numeric, and other data. Users with a camera phone or other mobile user device equipped with the correct reader application can convert a photographic image of the matrix barcode to display text, contact information, connect to a wireless network, open a webpage in the phone's browser, and so on.

Three-dimensional imagers, ubiquitously available on consumer-grade mobile user devices, sometimes known as light detection and ranging (LiDAR) sensors, can be used to capture point depth information of objects or an area by illumination with an optical beam and by analyzing the reflected optical beam. A commonly used technique to determine the distance to each point on the target involves projecting an optical beam towards the target, followed by the measurement of the round-trip time, i.e., Time-of-flight (ToF), taken by the optical beam as it travels from the source to target and back to a detector adjacent to the source. Based on the time elapsed between emission of the pulse of light and detection of the returned pulse of light, a distance is estimated. LiDAR can be used to scan a 3D surface of objects and distinguish it from other objects.

While biometric authentication may be advantageous because it allows a user to authenticate more securely and quickly than, for example, entering a password or some other credential, the same level of biometric security does not currently exist for authenticating a hardware device.

The information included in this Background section of the specification, including any references cited herein and any description or discussion thereof, is included for technical reference purposes only and is not to be regarded subject matter by which the scope of the invention as defined in the claims is to be bound.

This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter. Furthermore, the claimed subject matter is not limited to implementations that solve any or all disadvantages noted in any part of this disclosure.

A system of one or more computers can be configured to perform operations or actions by virtue of having software, firmware, hardware, or a combination of them installed on the system that in operation causes or cause the system to perform the actions. One or more computer programs can be configured to perform particular operations or actions by virtue of including instructions that, when executed by data processing apparatus, cause the apparatus to perform the actions.

In one general aspect, workspace management system may include a networked workspace scheduling server. Workspace management system may also include a conferencing device having a three-dimensional authentication object encoded with data that is read using lidar and disposed behind a bezel cover, where the bezel cover has at least two modes, a visible mode and a concealed mode, where when the bezel cover is in a visible mode, the three-dimensional authentication object is visible to a lidar scanner, and when the bezel cover is in a concealed mode, the three-dimensional authentication object is not visible to a lidar scanner. System may furthermore include a mobile user device having an application installed thereon, where the form authentication token associated with the mobile user device and encoded in the three-dimensional authentication object is retrievable by the application. System may in addition include at least one security camera for capturing images of the three-dimensional authentication object on the conferencing device. Other embodiments of this aspect include corresponding computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform the actions of the methods.

Implementations may include one or more of the following features. System where when the bezel cover is in the visible mode, the transmission of visible light wavelengths in the range of 400700 nanometers is enabled to allow a user interacting with the conferencing device to determine that the three-dimensional authentication object is visible. System where the bezel cover further may include a layer of electrochromic film that become opaque when de-energized and transparent when energized. System where when the bezel cover may include a plurality of independently operable electrochromic shutters arranged over several LIDAR readable three-dimensional objects. 5 where when the application uses the form authentication token associated with the mobile user device encoded in the three-dimensional authentication object to access the workspace scheduling server. Implementations of the described techniques may include hardware, a method or process, or a computer tangible medium.

In one general aspect, method may include encoding data into a three-dimensional authentication object disposed behind a bezel cover of a conferencing device, where the bezel cover has at least two modes, a visible mode and a concealed mode, where when the bezel cover is in a visible mode, the three-dimensional authentication object is visible to a lidar scanner, and when the bezel cover is in a concealed mode, the three-dimensional authentication object is not visible to a lidar scanner. Method may also include capturing an image of the three-dimensional authentication object using at least one security camera. Method may furthermore include retrieving a form authentication token from the captured image. Method may in addition include accessing a networked workspace scheduling server using the form authentication token retrieved from the captured image. Method may moreover include performing additional verification steps based on the information retrieved from the workspace scheduling server. Other embodiments of this aspect include corresponding computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform the actions of the methods.

Implementations may include one or more of the following features. Method where when the bezel cover is in the visible mode, the transmission of visible light is enabled allow a user interacting with the conferencing device to determine that the three-dimensional authentication object is visible. Method where the form authentication token is retrieved by an application installed on a mobile user device and utilizes the form authentication token associated with said mobile user device. Method where the bezel cover further may include a layer of electrochromic film that become opaque when de-energized and transparent when energized. Method where when the bezel cover may include a plurality of independently operable electrochromic shutters arranged over several LIDAR readable three-dimensional objects. Implementations of the described techniques may include hardware, a method or process, or a computer tangible medium.

In one general aspect, workspace management system may include A mobile user device. Workspace management system may also include A remote cloud server communicatively coupled with said mobile user device, said remote cloud server adapted to interface with one or more electronically controlled devices disposed in a workspace. System may furthermore include An authentication engine, stored in a nonvolatile storage and communicatively coupled with the remote cloud server over a cloud network, said authentication engine being adapted to receive input data from the mobile user device having a three-dimensional data object including physical parameters by which a user is authenticated. Other embodiments of this aspect include corresponding computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform the actions of the methods.

Implementations may include one or more of the following features. Workspace management system where said three-dimensional data object is captured by a camera of said mobile user device. Workspace management system where said three-dimensional data object includes biometric characteristics of a user. Workspace management system may include a database, where said authentication engine is adapted to compare said input data with stored biometric information of said user. Workspace management system where said three-dimensional data object includes facial recognition patterns associated with a user. Workspace management system may include a control system processor adapted to act as an intermediary between said remotely cloud server and the electronically controlled devices. Workspace management system where said remotely cloud server is adapted to receive data directly from the electronically controlled devices. Workspace management system where said workspace management system is customized according to user requirements. Implementations of the described techniques may include hardware, a method or process, or a computer tangible medium.

In one general aspect, method may include Receiving input data from a mobile user device, said input data having a three-dimensional data object including physical parameters by which a user can be authenticated. Method may also include Transmitting said input data from said mobile user device to a remote cloud server over a cloud network. Method may furthermore include Comparing said input data received from said mobile user device with stored biometric information associated with said user. Method may in addition include Authenticating said user if said input data matches said stored biometric information. Other embodiments of this aspect include corresponding computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform the actions of the methods.

Implementations may include one or more of the following features. Method where said three-dimensional data object is captured by a camera of said mobile user device. Method where said three-dimensional data object includes biometric characteristics of a user. Method where said input data is transmitted by said mobile user device via a Uniform Resource Locator (URL) decoded from a QR-Code. Method may include controlling one or more electronically controlled devices disposed in a workspace based on the authentication of said user. Implementations of the described techniques may include hardware, a method or process, or a computer tangible medium.

In one general aspect, workspace management system may include a remote cloud server having a CPU, a main memory and a nonvolatile storage. Workspace management system may also include the nonvolatile storage having workspace automation application. System may furthermore include a plurality of controllable electronic devices associated with said workspace management system. System may in addition include one or more mobile user devices adapted to access said remote cloud server. System may moreover include an authentication engine operably associated with said main memory and said CPU, where said authentication engine is adapted to authenticate users using said mobile user device. Other embodiments of this aspect include corresponding computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform the actions of the methods.

Implementations may include one or more of the following features. System may include control system processor connected to said electronic devices; and where said control system processor may include web interface to communicate with said remote cloud server. System where said authentication engine stores data and logic steps necessary to authenticate users using said mobile user device. System where said authentication engine may include multifactor authentication capabilities, which may include Three-dimensional data objects for various authentications. Implementations of the described techniques may include hardware, a method or process, or a computer tangible medium.

In one general aspect, method may include providing a workspace management system, having remote cloud server, one or more mobile user devices, a plurality of controllable electronic devices associated with said workspace management system, and an authentication engine. Method may also include receiving user input at said mobile user device. Method may furthermore include authenticating user using said authentication engine. Method may in addition include receiving command data from said authenticated user at said remote cloud server. Method may moreover include forwarding said command data to said electronic devices. Method may also include controlling one or more said electronic devices in response to said command data. Other embodiments of this aspect include corresponding computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform the actions of the methods.

Implementations may include one or more of the following features. Method where said authenticating said user may include verifying user credentials using user input. Method where said verification step may include performing multifactor authentication of user credentials, where said authentication may include three-dimensional data objects. Method where said authenticating step further may include biometric authentication of user credentials. Implementations of the described techniques may include hardware, a method or process, or a computer tangible medium.

In one general aspect, workspace management system may include a conferencing device having: Workspace management system may also include a video camera, a microphone, a display screen, a bezel adapted to conceal a LIDAR readable three-dimensional data object, the bezel being electrochromic and being controllable between at least two states of transparency such that in one state at least a portion of the object is visible to a LIDAR scanner, and in another state the entire object is concealed. System may furthermore include a workspace scheduling server communicatively coupled to the conferencing device and adapted to generate, manage, store, and transmit tokenized URLs over a network to the conferencing device to enable an user to initiate an authentication process where, upon receipt of the tokenized URL, the conferencing device selectively controls the bezel's opacity to prevent the scanning of the adjacent LIDAR readable three-dimensional object until the user has completed a specified preliminary user check-in. Other embodiments of this aspect include corresponding computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform the actions of the methods.

Implementations may include one or more of the following features. System where the specified preliminary user check-in may include having the user point their user communication device camera at a QR-Code currently displayed on the display screen of the conferencing device. System where the QR-Code is encoded with a tokenized URL that points to a link for downloading an application from the user communication device's authorized App store. System where the tokenized URL downloads and installs the application, uses login credentials from the encoded information in order to complete the preliminary user check-in. System where the bezel is adapted to include more than one uniquely encoded LIDAR readable three-dimensional object disposed in different areas behind the bezel and the conferencing device bezel is adapted to reveal only one of the LIDAR readable three-dimensional objects according to a programmed sequence for any authentication logic. Implementations of the described techniques may include hardware, a method or process, or a computer tangible medium.

In one general aspect, workspace management system may include a conferencing device. Workspace management system may also include a three-dimensional authentication object encoded with additional information. System may furthermore include a bezel cover adapted to selectively conceal the three-dimensional authentication object. System may in addition include an electrochromic material coupled between the bezel cover and the three-dimensional authentication object, where the electrochromic material is adapted to vary the opacity of the bezel cover. System may moreover include an optical scanner in communicative connection with the conferencing device for scanning the three-dimensional authentication object when the bezel cover is in an opaque state and the additional information is successfully read. Other embodiments of this aspect include corresponding computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform the actions of the methods.

Implementations may include one or more of the following features. Workspace management system where the electrochromic material responds to electrical signals from the conferencing device for varying the opacity of the bezel cover. Workspace management system may include a processor adapted to compare information obtained by scanning the three-dimensional authentication object to predetermined information stored on the conferencing device and associated with the conferencing device. Implementations of the described techniques may include hardware, a method or process, or a computer tangible medium.

In one general aspect, method may include providing a conferencing device having an embedded system. Method may also include encoding a three-dimensional object with additional information. Method may furthermore include disposing the three-dimensional object beneath an electrochromic bezel cover coupled to the conferencing device. Method may in addition include displaying a QR-code on the conferencing device. Method may moreover include receiving additional authorization information via a mobile user communication device that scans the displayed QR-code and transmits the received additional information to a networked workspace scheduling server. Method may also include utilizing the information transmitted to the networked workspace scheduling server to initiate an additional authentication workflow if necessary. Method may furthermore include progressively varying the opacity of the electrochromic bezel cover to reveal the three-dimensional object. Method may in addition include scanning the revealed three-dimensional object using an optical scanner in communicative connection with the conferencing device to obtain the additional information associated with the three-dimensional object. Other embodiments of this aspect include corresponding computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform the actions of the methods.

In one general aspect, method may include obtaining a three-dimensional object encoded with four distinct symbols indicative of an authentication for configurable workspaces, the symbols being encoded in the height of each cuboid. Method may also include placing the three-dimensional object in a conference device having a bezel cover adapted to selectively conceal or reveal the object based on a user's request. Method may furthermore include scanning the object using a LIDAR camera to detect the symbols. Method may in addition include verifying the authenticity of the symbols by comparing them to a predetermined set of symbols. Other embodiments of this aspect include corresponding computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform the actions of the methods.

Implementations may include one or more of the following features. Method where the symbols are different numerical values. Method including: generating a tokenized URL from a networked workspace scheduling server; displaying the tokenized URL via a QR-code displayed on the display screen of the conferencing device; providing access to a mobile application by downloading and installing the new application corresponding to the tokenized URL via a mobile user device camera; transmitting the authentication token associated with the QR-code from the mobile user device to the networked workspace scheduling server; and prompting the networked workspace scheduling server to initiate additional authentication steps. Method where the additional authentication steps include verifying the authenticated token is authorized for use of the respective conference device. Implementations of the described techniques may include hardware, a method or process, or a computer tangible medium.

In one general aspect, system may include a plurality of three-dimensionally encoded tokens configured plurality of conference devices. System may also include a networked workplace scheduling server adapted to generate, manage, store, and transmit the tokens to the conference device. System may furthermore include receive authentication tokens from remote user devices. Other embodiments of this aspect include corresponding computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform the actions of the methods.

Implementations may include one or more of the following features. System where said plurality of conference devices may include: a video camera; a microphone; a display screen that may be a 10 high resolution touch screen; and a bezel configured with at least two modes to be transparent or substantially opaque, the plurality further configured with a three-dimensional authentication object having a LIDAR readable object disposed behind the bezel, where the LIDAR readable object is encoded with additional information that can be used for an additional authentication workflow. Implementations of the described techniques may include hardware, a method or process, or a computer tangible medium.

In one general aspect, method may include scanning a three-dimensional object behind an electrically energized cover with at least one LIDAR camera of a wireless device to capture data encoded in the three-dimensional object. Method may also include transmitting the captured data to a remote cloud server. Method may furthermore include authenticating the transmitted data by comparing it with stored authentication information associated with said three-dimensional object. Method may in addition include upon successful authentication, sending instructions to said electrically energized cover of a conference device to de-energize. Other embodiments of this aspect include corresponding computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform the actions of the methods.

Implementations may include one or more of the following features. Method where said three-dimensional object is encoded with a symbology for representing data in the x direction, y direction, and z direction. Method may include: generating an authentication token on a remote cloud server; encoding said authentication token in a QR code for display on a display screen portion of said conference device; transmitting instructions from said remote cloud server to energize an electrochromic region disposed within an outer enclosure that houses at least one display screen portion of the conference device; and when displaying QR code containing encoded information associated with authenticating user credentials and access privileges associated with workspace management system. Implementations of the described techniques may include hardware, a method or process, or a computer tangible medium.

In one general aspect, method may include receiving, by a workspace management system from a mobile user device having an optical imaging camera and first LIDAR camera disposed on the same side of said mobile user device, data containing information captured by said optical imaging camera and said first LIDAR camera. Method may also include authenticating, by the workspace management system using at least one three-dimensional object encoded with symbology for representing data in x, y, z directions that is disposed behind an electrochromic region of bezel cover covering display screen housed within outer enclosure of conferencing device located within workspace. Method may furthermore include transmitting instructions to energize electrochromic region when authentication is successful. Other embodiments of this aspect include corresponding computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform the actions of the methods.

Implementations may include one or more of the following features. Method where said three-dimensional object further may include additional security token embedded therein. Method where upon receipt of security token from mobile user device remote cloud server commences additional sequence of authentication workflow steps prior to transmission instruction for energizing electrochromic region. Method where said workspace management system further may include a remote cloud server having network interface communicatively coupled thereto, the remote cloud server including CPU and nonvolatile storage tangibly embodying instructions executable by said central processing unit for generating authentication token to be shown on display screen portion of conferencing device, encoding authentication token in QR-Code for display on said display screen, transmitting authentication token to conferencing device. Implementations of the described techniques may include hardware, a method or process, or a computer tangible medium.

In one general aspect, computer readable medium storing instructions may include receiving data containing information captured by an optical imaging camera and first LIDAR camera disposed on same side of mobile user device. Computer readable medium storing instructions may also include authenticating using at least one three-dimensional object encoded with symbology for representing data in x, y, z directions that is disposed behind electrochromic region of bezel cover covering display screen housed within outer enclosure of conferencing device located within workspace. Instructions may furthermore include transmitting instruction energize electrochromic region when successful authentication occurs. Other embodiments of this aspect include corresponding computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform the actions of the methods.

Implementations may include one or more of the following features. Computer readable medium where said three-dimensional object further may include additional security token embedded therein. Computer readable medium where upon receipt of security token from mobile user device remote cloud server commences additional sequence of authentication workflow steps prior to transmission instruction for energizing electrochromic region. Computer readable medium where said processor configured with memory resources further may include remote cloud server having network interface communicatively coupled thereto, the remote cloud server including CPU and nonvolatile storage tangibly embodying instructions executable by said central processing unit for generating authentication token to be shown on display screen portion of conferencing device, encoding authentication token in QR-Code for display on said display screen, transmitting authentication token to conferencing device. Implementations of the described techniques may include hardware, a method or process, or a computer tangible medium.

In one general aspect, method may include receiving, by a workspace management system from a mobile user device having an optical imaging camera and first LIDAR camera disposed on the same side of said mobile user device, data containing information captured by said optical imaging camera and said first LIDAR camera. Method may also include authenticating, by the workspace management system using at least one three-dimensional object encoded with symbology for representing data in x, y, and z directions that is disposed behind an electrochromic region of bezel cover covering display screen housed within outer enclosure of conferencing device located within workspace. Method may furthermore include transmitting instructions to energize electrochromic region when authentication is successful. Other embodiments of this aspect include corresponding computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform the actions of the methods.

Implementations may include one or more of the following features. Method where said three-dimensional object further may include additional security token embedded therein. Method where upon receipt of security token from mobile user device remote cloud server commences additional sequence of authentication workflow steps prior to transmission instruction for energizing electrochromic region. Method where said workspace management system further may include a remote cloud server having network interface communicatively coupled thereto, the remote cloud server including CPU and nonvolatile storage tangibly embodying instructions executable by said central processing unit for generating authentication token to be shown on display screen portion of conferencing device, encoding authentication token in QR-Code for display on said display screen, transmitting authentication token to conferencing device. Implementations of the described techniques may include hardware, a method or process, or a computer tangible medium.

In one general aspect, computer readable medium storing instructions may include receiving data containing information captured by an optical imaging camera and first LIDAR camera disposed on same side of mobile user device. Computer readable medium storing instructions may also include authenticating using at least one three-dimensional object encoded with symbology for representing data in x, y, z directions that is disposed behind electrochromic region of bezel cover covering display screen housed within outer enclosure of conferencing device located within workspace. Instructions may furthermore include transmitting instruction energize electrochromic region when successful authentication occurs. Other embodiments of this aspect include corresponding computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform the actions of the methods.

Implementations may include one or more of the following features. Computer readable medium where said three-dimensional object further may include additional security token embedded therein. Computer readable medium where upon receipt of security token from mobile user device remote cloud server commences additional sequence of authentication workflow steps prior to transmission instruction for energizing electrochromic region. Computer readable medium where said processor configured with memory resources further may include remote cloud server having network interface communicatively coupled thereto, the remote cloud server including CPU and nonvolatile storage tangibly embodying instructions executable by said central processing unit for generating authentication token to be shown on display screen portion of conferencing device, encoding authentication token in QR-Code for display on said display screen, transmitting authentication token to conferencing device. Implementations of the described techniques may include hardware, a method or process, or a computer tangible medium.

In one general aspect, workspace management system may include a mobile user device having first side and second side, the mobile user device including an optical imaging camera positioned on said first side of said mobile user device, and a first LIDAR camera disposed on said first side. Workspace management system may also include conferencing device located within workspace, the conferencing device configured with outer enclosure that includes display screen housed therein and bezel cover covering over at least portion of the perimeter edges thereof where same bezel cover is transparent to frequency used by said LIDAR camera such that three-dimensional object encoded with symbology for representing data in x, y z, directions does not interfere or obstruct light beam projected from said lidar camera when electro chromatic region has been energized. System may furthermore include remote cloud server having network interface communicatively coupled thereto where nonvolatile storage tangibly embodies instructions executable by central processing unit for generating authentication token to be shown on display screen portion of conferencing device and encoding authentication token in QR-Code for display on said display screen transmitting authentication token to conferencing system, where said remote cloud server further includes workspace automation application having event scheduling engine adapted to allow an user to preprogram user profiles, presents, scenes, building rules and schedule of events of electronic devices the workspace. System may in addition include a network switch communicatively connected to cloud network and local area; where said remote cloud server further includes control engine adapted to send at least one command for controlling electronic devices located within workspace where command is one of commanding power on/off or dimming lighting device or adjusting temperature setpoint of HVAC system. System may moreover include where said processor configured with memory resources further may include remote cloud server having network interface communicatively coupled thereto, the remote cloud server including CPU and nonvolatile storage tangibly embodying instructions executable by said central processing unit for generating authentication token to be shown on display screen portion of conferencing device, encoding authentication token in QR-Code for display on said display screen, transmitting authentication token to conferencing device. Other embodiments of this aspect include corresponding computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform the actions of the methods.

Implementations may include one or more of the following features. Workspace management system where said three-dimensional object further may include additional security token embedded therein. Workspace management system where upon receipt of security token from mobile user device remote cloud server commences additional sequence of authentication workflow steps prior to transmission instruction for energizing electrochromic region. Workspace management system where said bezel cover is transparent to the frequency of the light used by said first LIDAR camera. Workspace management system where said QR-Code is encoded with a tokenized URL that points to a link for downloading an application on to said mobile user device. Workspace management system where said remote cloud server further includes an authentication engine adapted to authenticate said mobile user device using said three-dimensional object encoded with symbology for representing data in x, y, and z directions. Workspace management system where said authentication engine is further adapted to authenticate user using biometric data associated with said mobile user device. Workspace management system where said biometric data is selected from the group having fingerprint, voice recognition, facial recognition, and iris scan. Workspace management system where said remote cloud server further includes a user interface adapted to receive user input and display information related to the operation of said workspace management system. Workspace management system where said remote cloud server further includes a data storage component adapted to store user profiles, presents, scenes, building rules and schedule of events of said electronic devices the workspace. Workspace management system where said remote cloud server further includes a control engine adapted to send at least one command for controlling electronic devices located within workspace where command is one of commanding power on/off or dimming lighting device or adjusting temperature setpoint of HVAC system etc. Workspace management system where said remote cloud server further includes a network switch communicatively connected to cloud network and local area. Workspace management system where said remote cloud server further includes a communication module adapted to communicate with external systems such as security, energy monitoring and other building automation systems. Workspace management system where said remote cloud server further includes a data analytics module adapted to analyze usage patterns of electronic devices within the workspace and generate reports for users. Workspace management system where said remote cloud server further includes a reporting module adapted to generate reports related to usage of electronic devices within the workspace. Workspace management system where said remote cloud server further includes an event scheduling engine adapted to schedule events for controlling electronic devices located within the workspace. Workspace management system where said remote cloud server further includes a notification engine adapted to send notifications related to the operation of electronic devices within the workspace. Workspace management system where said remote cloud server further includes a rules engine adapted to generate rules for controlling electronic devices located within the workspace. Workspace management system where said remote cloud server further includes a data mining module adapted to analyze usage patterns of electronic devices within the workspace and generate reports for users. Workspace management system where said remote cloud server further includes a billing engine adapted to generate bills related to usage of electronic devices within the workspace. Workspace management system where said remote cloud server further includes a security module adapted to secure communication between the remote cloud server and electronic devices located within the workspace. Workspace management system where said remote cloud server further includes a data encryption module adapted to encrypt communication between the remote cloud server and electronic devices located within the workspace. Workspace management system where said remote cloud server further includes a device monitoring module adapted to monitor status of electronic devices located within the workspace. Workspace management system where said remote cloud server further includes a data logging module adapted to log usage of electronic devices within the workspace. Workspace management system where said remote cloud server further includes an artificial intelligence module adapted to learn usage patterns of electronic devices within the workspace and suggest recommendations for controlling them. Workspace management system where said artificial intelligence module is adapted to predict user needs based on learned usage patterns. Workspace management system where said remote cloud server further includes a machine learning module adapted to learn usage patterns of electronic devices within the workspace and suggest recommendations for controlling them. Workspace management system where said remote cloud server further includes an optimization module adapted to optimize usage of electronic devices within the workspace by controlling them based on user preferences and energy efficiency requirements. Workspace management system where said remote cloud server further includes a machine vision module adapted to detect and recognize objects within the workspace using image processing techniques. Implementations of the described techniques may include hardware, a method or process, or a computer tangible medium.

In one general aspect, method may include providing access control information associated with each user. Method may also include receiving authentication request from mobile user device of respective users via network. Method may furthermore include authenticating requested users by comparing received authentication request against stored access control information related to respective users. Method may in addition include establishing secure communication channel between remote cloud server and requesting mobile user device based on authenticated identity of requesting user. Method may moreover include receiving input command relating operation of at least one electronic device located within the workplace from remotely connected mobile user devices over established secure communication channels. Method may also include executing commands sent by securely connected clients resulting into desired state change in controlled electronic devices or retrieval of data therefrom. Other embodiments of this aspect include corresponding computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform the actions of the methods.

Implementations may include one or more of the following features. Method may include authenticating user using biometric data associated with said mobile user device, where said biometric data is selected from the group having of: fingerprint, voice recognition, facial recognition and iris scan. Method may include receiving input command relating operation of at least one electronic device located within the workplace via a graphical user interface provided on remotely connected mobiles use devices over established secure communication channels. Implementations of the described techniques may include hardware, a method or process, or a computer tangible medium.

This disclosure includes references to “one embodiment” or “an embodiment.” The appearances of the phrases “in one embodiment” or “in an embodiment” do not necessarily refer to the same embodiment. Particular features, structures, or characteristics may be combined in any suitable manner consistent with this disclosure.

Within this disclosure, different elements may be described or claimed as “configured” to perform one or more tasks or operations. This formulation is used herein to refer to structure (i.e., something physical, such as an electronic circuit). More specifically, this formulation is used to indicate that this structure is arranged to perform the one or more tasks during operation. A structure can be said to be “configured to” perform some task even if the structure is not currently being operated. A “secure circuit configured to perform an authentication” is intended to cover, for example, an integrated circuit that has circuitry that performs this function during operation, even if the integrated circuit in question is not currently being used (e.g., a power supply is not connected to it). Thus, an entity described or recited as “configured to” perform some tasks that refers to something physical, such as a device, circuit, memory storing program instructions executable to implement the task, etc. This phrase is not used herein to refer to something intangible. Thus, the “configured to” construct is not used herein to refer to a software entity such as an application programming interface (API). The term “configured to” is not intended to mean “configurable to.” An unprogrammed FPGA, for example, would not be considered to be “configured to” perform some specific function, although it may be “configurable to” perform that function and may be “configured to” perform the function after programming.

As used herein, the terms “first,” “second,” etc. Are used as labels for nouns that they precede, and do not imply any type of ordering (e.g., spatial, temporal, logical, etc.) unless specifically stated. For example, a mobile user device may have a first user and a second user. The term “first” is not limited to the initial user of the device. The term “first” may also be used when only one user of the mobile user device exists.

As used herein, the term “based on” is used to describe one or more factors that affect a determination. This term does not foreclose the possibility that additional factors may affect a determination. That is, a determination may be solely based on specified factors or based on the specified factors as well as other, unspecified factors. Consider the phrase “determine A based on B.” This phrase specifies that B is a factor used to determine A or that affects the determination of A. This phrase does not foreclose that the determination of A may also be based on some other factor, such as C. This phrase is also intended to cover an embodiment in which A is determined based solely on B. As used herein, the phrase “based on” is thus synonymous with the phrase “based at least in part on.”

In the following detailed description, numerous specific details are set forth by way of examples in order to provide a thorough understanding of the relevant teachings. However, it should be apparent that the present teachings may be practiced without such details. In other instances, well known methods, procedures, components, and/or circuitry have been described at a relatively high-level, without detail, in order to avoid unnecessarily obscuring aspects of the present teachings.

The terms “LIDAR camera,” “3D scanner,” and “3D camera” refer to a device or system that is capable of performing scanning data that is encoded in a 3D object (e.g., 3D QR Code). A 3D camera will include a processor and one or more sensors that can sense and range-find the physical attributes of the objects. Several technologies including structured light, light detection and ranging (LIDAR), optical time-of-flight, ultrasonic ranging, stereoscopic imaging, radar, and so forth either alone or in combination with one another. For convenience, and not by way of limitation, some of the examples in this disclosure refer to LIDAR and determining ranges (variable distance) by targeting an object or a surface with a laser and measuring the time for the reflected light to return to the receiver, however, other techniques may be used. For example, an image sensor (camera), sonic sensor (e.g., sonar), a magnetic sensor, an x-ray device, a combination of an infrared camera with an infrared light source, an air-knife type of reader, or other sensors. The processor will implement programming instructions, typically using parameters from a data file that cause the sensor to collect data that is embedded in a 3D barcode. As used throughout this disclosure, the terms “three-dimensional scanner,” “3D scanning device,” “3D scanning system,” and “3D scanner” refer to any now or hereafter known 3D scanning camera.

Embodiments of the workspace management system can be used in small, mid, or large scale residential or commercial installations. While the embodiments are described herein as being implemented for in use with buildings having one or more shared workspaces, they are not limited to such an implementation. The present embodiments may be employed in other type of venues or facilities, including in residential, retail, or non-profit structures or venues. Additionally, while the workspace management system described herein as managing and controlling an entire building, it may be scaled up to manage a collection of buildings or scaled down to manage a single workspace within a building. Workspace systems can be implemented as one or more dedicated servers which provide convenient control and monitoring of various mechanical and electrical equipment within a building. Workspace systems can utilize a network of sensors and associated controllers located throughout a building to monitor and control the mechanical and electrical equipment in the building. Examples include heating, ventilation, and air conditioning, lighting, shading, security, appliances, door locks, and audiovisual (AV) equipment in each workspace.

The following are definitions of exemplary terms used throughout the disclosure. Both singular and plural forms of all terms fall within each meaning:

“Mobile Application” or “Mobile App” or “App” as used herein, includes, but is not limited to, applications that run on smart phones, tablet computers, and other mobile user devices. The terms “Mobile Application” or “Mobile App” or “App” can be used synonymously with “software.” Mobile applications allow users to connect to services, access the internet, intranet, cellular, or wireless fidelity (Wi-Fi) networks, to access, retrieve, transmit and share data.

“Computer” or “processing unit” as used herein includes, but is not limited to, any programmed or programmable electronic device, microprocessor, logic circuit, that can store, retrieve, and process data.

The term “Network” as used herein refers to a collection of hardware components and computers or machines interconnected by one or more communication channels that allow sharing of resources, data, and information, including without limitation, the worldwide web or internet. A network can be “wireless” or wired or a combination of a wireless and/or wired communication.

A “Web browser” as used herein, includes, but is not limited to, a software for retrieving and presenting information resources on the World Wide Web. An information resource may be a web page, an image, a video, or any other type of electronic content.

A “Server” as used herein, includes, but is not limited to, a computer or a machine or a device on a network that manages network resources. A “server” may refer one or more server computers configured to provide certain server functionalities, such as database management and search engines. A server may also include one or more processors to execute computer programs in parallel. The general term “Server” may include specific types of servers, such as a File Server (a computer and storage device dedicated to storing files), Print Server (a computer that manages one or more printers), a Network Server (a computer that manages network traffic), and a Database Server (a computer system that processes database queries). Although servers are frequently dedicated to performing only server tasks, certain multiprocessing operating systems allow a server to manage other non-server related resources.

2 FIG. 203 201 202 204 Referring to, a three-dimensional object encoded with a symbology for representing data has basehaving a plurality of cuboids of varying heights,, anddisposed thereon. The cuboids are arranged to cover each black square of a 2D QR-Code, however as described below, additional symbology is encoded in the height of each cuboid.

3 FIG. 304 303 302 304 305 308 301 304 300 illustrates a three-dimensional object encoded with four distinct symbols. By varying a cuboid's height additional information can be encoded in to the object when captured, for example, using a 3D LIDAR camera. In one embodiment, Cuboidheight represents a value of one, cuboidheight represents a value of two, cuboidheight represents a value of three, and cuboidheight represents a value of four. Cuboids-illustrate cuboids-, respectively, when used together in collection.

4 FIG. 400 400 400 403 405 404 404 400 404 402 illustrates an example of conferencing device. In this embodiment the conferencing deviceis a Crestron Flex Phone available from Crestron Electronics, Inc. Of Rockleigh, N.J. In this embodiment, conferencing devicehas video camera, available from Crestron Electronics, Inc. Of Rockleigh, N.J. Microphonemay be an Integrated high-fidelity array microphone or an Omnidirectional microphone array with 360-degree audio pickup, display screenthat may be a 10″ high resolution touch screen, and bezel. In an embodiment, Conferencing devicemay include an embedded occupancy for capturing meeting-space data and usage analytic, be powered over ethernet as an IEEE 802.3af Class 3 and 802.3at Class 4 PoE powered device, include a USB-C for an audio headset, and include a 1000Base-T Ethernet port & PoE PD port for connection to a LAN with PoE PSE. Display screenmay present QR-Code.

402 402 In the embodiments described below, a QR-Codemay be used to encode location information, for example, workspace location, while in other embodiments, QR-Codemay encode information other than location information. For example, the QR-code may encode a URL or IP address that is associated with a remote cloud server. In other embodiments, the QR-code may encode a binary string that is associated with an authentication token for the conferencing device. In the instance where the QR-code encoding further comprises a security token and that token is sent by a mobile user device by the remote cloud server, additional authentication steps my commence. That is, upon remote cloud server receiving the token from a mobile user device, the remote cloud server can proceed with an additional sequence of authentication workflow.

5 FIG. 4 FIG. 503 503 501 501 illustrates a modified conferencing device shown inhowever, a portion of its bezel cover is cutaway to reveal a three-dimensional authentication objectthat is encoded with additional information that can be used for an additional authentication workflow, according to an embodiment. Three-dimensional authentication objectis a LIDAR readable object disposed behind the bezel cover. In some implementations of the invention, bezel covermay include various types of transparent glass, plastic, or similar transparent or semi-transparent materials that are transparent to frequencies associated with LIDAR, as disclosed in U.S. Pat. No. 9,829,578 B2 to Chaudhry, which incorporated herein by reference in its respective entirety.

6 FIG. 603 602 600 602 603 602 illustrates a illustrates a conferencing device having a LIDAR readable three-dimensional objectselectively concealed by bezel coverconfigured to be electrochromic and vary its opacity. In one embodiment, all, or a portion of conference devicebezel coveris designed to selectively conceal the LIDAR readable three-dimensional objectby varying its opacity using electrochromic, photochromic, thermochromic, suspended particle, micro-blind and/or a liquid crystal device. In these embodiments, the bezel cover has at least two modes. In the first mode (“visible mode”) the bezel cover is substantially transparent and allows the frequencies used by the LIDAR camera's optical beam to therethrough. In the second mode (or “concealed mode”) the bezel coveris substantially opaque or substantially interferes with the ability of the LIDAR camera's optical beam to pass through. In an embodiment, the properties of electrochromatic or TN film used results in the bezel cover becoming opaque or dark when de-energized and transparent when energized. Similar suitable materials have been used as a window treatment for homes and commercial building for the control of sunlight and radiant energy.

602 600 603 602 602 603 602 An embodiment of the foregoing implementation, extends the bezel coverconfiguration to include modes which concurrently affect the transmission and concealment of visible light (e.g., wavelengths in the range of 400-700 nanometers), thereby allowing the user interacting with the conferencing deviceto see when they have been granted authorization to scan the hidden LIDAR readable three-dimensional objectdisposed behind the bezel cover, because the inclusion of visible light allows the user to visually detect whether a transparent portion of bezel coveris revealing a LIDAR readable three-dimensional objector if, for example, the bezel covercontinues to remain opaque or dark.

603 602 600 602 603 602 603 600 603 602 In another embodiment, more than one uniquely encoded LIDAR readable three-dimensional objectdisposed in different areas behind the bezel coverand conferencing devicebezel coveris configured to reveal only one of the LIDAR readable three-dimensional objectsaccording to a programed sequence for any authentication logic. In this way, different areas of the bezel covercan be configured to act as independently-operable electrochromic shutters (arranged over several LIDAR readable three-dimensional objects) that selectively open and close at the appropriate time for any authentication process desired. The conferencing devicecan alternatively include MEMS mechanical shutters or any other suitable type of shutter interposed between one or more LIDAR readable three-dimensional objectsand bezel cover.

600 604 604 600 In one embodiment, the conferencing deviceselectively controls the bezel cover's opacity in order prevent the scanning of an adjacent LIDAR readable three-dimensional object (by blocking a LIDAR camera's ability to project a light beam on to its surface) until a user has completed a specific preliminary user check-in, or a basic authentication challenge. In some embodiments, a specific preliminary user check-in comprises having a user point their user communication device camera at a QR-Codecurrently displayed on the display screen of the conferencing device. The QR-Codeis encoded with a tokenized URL that points to a link for downloading an application from the mobile user device's authorized App store. The tokenized URL downloads and installs the new application, uses the login credentials from the encoded information in order to complete a preliminary user check-in. A networked workspace scheduling server can generate, manage, store, and transmit tokenized URLs over a network to the conferencing device.

7 FIG. 700 700 700 701 703 702 700 illustrates a conferencing device, and in this embodiment, the conferencing deviceis a Crestron Mercury®, available from Crestron Electronics, Inc. Of Rockleigh, N.J. Conferencing deviceis shown displaying QR-Code, and comprises a LIDAR readable three-dimensional object regiondisposed behind bezel cover. Conferencing devicemay include a 7″ (178 mm) HD color touch screen, Active Directory® authentication, Room scheduling integration with Microsoft® Exchange or Crestron Fusion®, Built-in PinPoint™ beacon for use with the Crestron PinPoint App, a Built-in PIR occupancy detector for persistent occupancy awareness combining motion and voice detection, be configurable using a web browser, include Dual LAN ports, be powered via PoE+ or AC line powered, and include CEC, IP, IR, or RS-232 display control.

8 FIG. 8 FIG. 802 801 810 806 808 802 803 805 illustrates a block diagram depicting a workspace management system for controlling and managing one or more workspaces, such as workspace, according to an embodiment. It should be noted that the exemplary embodiment of workspace management system illustrated inmay be varied in one or more aspects without departing from the spirit and scope of the teachings disclosed herein. Workspace management system may comprise one or more mobile user device, remote cloud server, a database, a cloud network, and various devices installed in the workspacesuch as Control System Processorand electronic devices.

810 810 812 801 803 805 810 805 802 801 812 801 810 805 802 812 803 According to an embodiment, the present embodiments deliver workspace management via cloud computing on remote cloud server. The remote cloud servermay comprise or be associated with a workspace automation applicationconfigured for providing a user interface on the mobile user devicewith which the user can interact with the workspace management system. By leveraging remote access to the Control System Processorand/or the controllable electronic devicesvia remote cloud server, a user may monitor and control the devicesand/or environment settings in a workspaceusing any mobile user device. The workspace automation applicationprovides a user interface on the mobile user devicein communication with the remote cloud serverallowing a user to set up scheduled events to control electronic deviceswithin the workspace. However, according to another embodiment, the workspace automation applicationmay alternatively reside on a control system processor.

801 810 810 801 810 808 801 810 801 801 810 808 Mobile user devicemay access the services provided by the remote cloud serverusing a web-browser such as Internet Explorer, Microsoft Edge, Firefox, Google Chrome, Opera, Safari, or the like. While the embodiments are described herein as accessing remote cloud servervia a web-browser, the present embodiments are not limited to such an implementation. According to other embodiments, the mobile user devicemay comprise a proprietary native mobile app, or other similar software application, configured for accessing remote cloud servervia the cloud network. Mobile user devicemay be any mobile user devices known in the art, including, but not limited to a laptop, a portable electronic device, a mobile computer, a smartphone, a tablet, a personal digital assistant, or any other computer configured for communicating with a remove server, such as remote cloud server, via a cloud network through a web-browser or other similar application. Each mobile user devicemay comprise a central processing unit (CPU), a user interface, one of numerous forms of storage (e.g., solid-state memory (RAM, ROM, and the like), and a wireless network interface such as an interface to a wireless LAN, Wi-Fi, 802.11x wireless network, cellular data network (such as the EDGE, LTE, 3G, 4G, or 5G network.) Using its wireless network interface, each mobile user devicecan communicate with remote cloud servervia the cloud network.

808 808 808 808 808 Cloud networkcan incorporate one or more of the Internet, a wide area network (WAN), a local area network (LAN), a personal area network (PAN), a wireless network, a campus area network (CAN), a metropolitan area network (MAN), or the like. Cloud networkmay include a public switched telephone network (PSTN), a cable telephony network, an Internet Protocol (IP) telephony network, a wireless network, a hybrid Cable/PSTN network, a hybrid IP/PSTN network, a hybrid wireless/PSTN network or any other suitable cloud network or combination of cloud networks. In addition, other network embodiments can be deployed with many variations in the number and type of devices, cloud networks, communication protocols, system topologies, and a myriad of other details without departing from the spirit and scope of the present embodiments. Cloud networkmay include one or more gateway devices to provide an entrance to cloud network, which may include software and/or hardware components to manage traffic entering and exiting cloud networkand conversion between the communication protocols used by various communication devices.

803 810 804 808 803 805 802 829 803 810 840 802 803 803 803 810 803 832 The workspace management system may further comprise one or more Control System Processoror gateways in communication with the remote cloud servervia Network Switchto cloud network. Control System Processormay be connected to various electronic devicesthroughout workspaceusing local area networkvia wireline or wirelessly. The Control System Processormay provide a web interface for remote cloud serverto be displayed on a conferencing devicelocated within the workspace. The control system processoris used for, among other things, controlling and monitoring various devices and environmental conditions throughout a structure. The control system processormay, for example, be any Control System available from Crestron Electronics, Inc. Of Rockleigh, N.J. The Control System Processormay comprise similar components as remote cloud serveras further described below. The Control System Processormay further provide a time-clock function to event scheduling engine.

803 821 824 826 827 822 840 840 The Control System Processormay control one or more of the following electronic devices: lighting devices, including but not limited to lamps, ballasts, light emitting diode (LED) drivers; HVAC devicesincluding but not limited to thermostats, air conditioning units, heating units, filtration systems, fans, humidifiers; shading devicesincluding but not limited to motorized window treatments, dimmable windows; sensors, including but not limited to occupancy sensors, proximity sensors, sound sensors, microphones, temperature sensors. AV devicesinclude, but not limited to, telephones, video phones, video touch panels, and a conferencing device. Examples of conferencing devicemay include Crestron Mercury® Tabletop UC Audio Conference Console and Crestron Flex® Phones available from Crestron Electronics, Inc. Of Rockleigh, N.J.

828 823 825 805 802 803 812 Security devicesmay include, but are not limited to, security cameras, monitors, electronic safes, and door locks. Appliancesmay include, but are not limited to, refrigerators, ovens, blenders, microwaves. Control devicesinclude, but are not limited to, switches, relays, and current limiting devices. Other types of electronic devicesare contemplated depending on the implementation of the workspace. As indicated above, according to an embodiment, one of the Control System Processormay instead comprise the workspace automation application.

803 805 805 829 805 805 803 805 829 805 One or more network interfaces may provide connectivity between the Control System Processorand electronic devices, and among the electronic devicesvia the local area network. The network interface may represent, for example, one or more network interface cards (NIC) or a network controller. In certain embodiments, the network interface may include a PAN interface. The PAN interface may provide capabilities to network with, for example, a Bluetooth® network, an IEEE 802.15.4 (e.g., Zigbee network), or an ultra-wideband network. As should be appreciated, the networks accessed by the PAN interface may, but do not necessarily, represent low power, low bandwidth, or close-range wireless connections. The PAN interface may permit one electronic deviceto connect to another local electronic devicevia an ad-hoc or peer-to-peer connection. The Control System Processormay directly communicate to the electronic devicesvia the local area networkor may communicate using the ad-hoc or peer-to-peer communication capability of electronic deviceto communicate with another device.

805 803 803 The network switch may also include a LAN interface. The LAN interface may represent an interface to a wired Ethernet-based network but may also represent an interface to a wireless LAN, such as an 802.11x wireless network. Additionally, in many cases, a connection between two electronic devicesvia the LAN interface may involve communication through a network router or other intermediary device. Ethernet connectivity enables integration with IP-controllable devices and allows the Control System Processorto be part of a larger managed network. Whether residing on a sensitive corporate LAN, a home network, or accessing the Internet through a cable modem, control system processormay provide secure, reliable interconnectivity with IP-enabled devices, such as touch screens, computers, mobile user devices, video displays, Blu-ray Disc® players, media servers, security systems, lighting, HVAC, and other equipment-both locally and globally. For some embodiments, the network interfaces may include the capability to connect directly to a WAN via a WAN interface. The WAN interface may permit connection to a cellular data network, such as the EDGE, LTE, 3G, 4G, or 5G network.

803 805 The Control System Processorand electronic devicesmay also include one or more wired input/output (I/O) interface for a wired connection between one electronic device and another electronic device. One or more wired interfaces may represent a serial port, for example a communication (COM) port or a universal serial bus (USB) port. Additionally, the wired I/O interface may represent, for example, a Cresnet® port. Cresnet® connectivity provides a network wiring solution for Crestron keypads, lighting controls, thermostats, and other devices that do not require the higher speeds of Ethernet. The Cresnet® bus offers wiring and configuration, carrying bidirectional communication and 24 VDC power to each device over a simple 4-conductor cable.

803 805 803 805 825 One or more infrared (IR) interfaces may enable the Control System Processorand electronic devicesto receive and/or transmit signals with infrared light. The IR interface may comply with the Infrared Data Association (IrDA) specification for data transmission. Alternatively, the IR interface may function to receive control signals or to output control signals. The IR interface may provide a direct connection with one or more devices such as a centralized AV sources, video displays, and other devices. One or more programmable relay ports may enable the Control System Processorand/or electronic devices, such as control devices, to control window shades, projection screens, lifts, power controllers, and other contact-closure actuated equipment. One or more “Versiport” I/O ports may enable the integration of occupancy sensors, power sensors, door switches, or anything device that provides a dry contact closure, low-voltage logic, or 0-10 Volt DC signal.

803 805 802 810 808 805 According to an alternative embodiment, workspace management system may operate without the utilization of Control System Processor. Electronic devicesdispersed throughout the workspacemay operate as a network of devices in communication with the remote cloud serverover cloud network. According to some aspects of the embodiments, each controllable electronic devicemay comprise a Power over Ethernet (PoE) interface for receiving electric power as well as for sending and receiving signals over an Internet Protocol (IP) based network.

840 803 802 840 803 According to an alternative embodiment, the conferencing devicereplaces control system processorin workspace. In these embodiments, conferencing deviceis configured to perform the functions of control system processor.

810 803 810 803 810 Remote cloud servermay be used to aggregate multiple Control System Processorinto a centralized a workspace management system. The remote cloud servermay provide similar functions as the Control System Processorfor remote control and also comprise additional services. Remote cloud servermay be a dedicated, private server, employing standard security protocols.

801 810 808 801 840 801 801 In one embodiment, mobile user devicecan be located and communicate with remote cloud serverover cloud networkusing a Uniform Resource Locator (URL) decoded from a QR-Code that mobile user devicecaptures from the display screen of conferencing deviceusing the camera installed in mobile user device. In one embodiment, the QR-Code is encoded with a tokenized URL that points to a link for downloading an application from the mobile user deviceauthorized application store (i.e., “App store.”)

810 810 810 Remote cloud servermay be incorporated into a standalone server, although in other embodiments, the function of remote cloud servermay be distributed across multiple computing systems and architectures. Multiple, redundant servers may be provided for additional backup and security. For example, remote cloud servermay include separate web, app, or email servers.

810 818 801 806 803 805 818 818 818 Remote cloud servermay comprise one or more network interfaceto provide connectivity with, among other things, mobile user devices, databases, Control System Processorand/or electronic devices. The network interfacemay represent, for example, one or more network interface cards (NIC) or a network controller. According to an embodiment, the network interfaceincludes the capability to connect directly to a wide area network (WAN). The network interfacemay permit a connection to a cellular data network, such as EDGE, LTE, 3G, 4G, or 5G networks.

810 811 811 811 Remote cloud servermay include a CPUconfigured for providing processing capability to execute an operating system, run various applications, and/or provide processing for one or more of the techniques described herein. For example, the CPUmay represent one or more microprocessors, and the microprocessors may be “general purpose” microprocessors, a combination of general and special purpose microprocessors, or application specific integrated circuits (ASICs). Additionally, or alternatively, the CPUmay include one or more reduced instruction set (RISC) processors, video processors, or related chip sets.

810 813 814 813 811 813 811 813 810 814 814 810 Remote cloud servermay further include any one of numerous forms of storage, including main memoryand nonvolatile storage. Main memorymay be communicably coupled to the CPUand may store data and executable code. The main memorymay represent volatile memory such as random access memory (RAM), but may also include nonvolatile memory, such as read-only memory (ROM) or Flash memory. In buffering or caching data related to operations of the (Central Processing Unit) CPU, the main memorymay store data associated with various engines and modules running on the remote cloud server. The nonvolatile storagemay represent any suitable nonvolatile storage medium, such as a hard disk drive or nonvolatile memory, such as Flash memory. Being well-suited to long-term storage, the nonvolatile storagemay store data files such as media (e.g., music and video files), software (e.g., for implementing functions on the remote cloud server), and building model data files, among other types of data.

814 812 805 812 801 806 803 805 814 816 816 813 811 816 814 801 816 801 Nonvolatile storagemay further include a workspace automation applicationoperable to enable the control and monitoring of electronic devicesof the building automation system, as well as perform other operations discussed below. Workspace automation applicationmay comprise a plurality of software engines. Software engines receive, transmit, and process information received from mobile user device, database, Control System Processor, and/or electronic devices. Depending upon implementation, various aspects of teachings of the present embodiments may be implemented in a single workspace automation application, a plurality of applications, a single software engine, in a plurality of software engines, in one or more hardwired components or in a combination of hardwired and software systems. In an embodiment, nonvolatile storagecomprises authentication engine. Authentication engineis operably associated with the main memoryand CPU. Authentication engineof nonvolatile storagemay be leveraged to provide authentication functions for access control for users of mobile user device. Authentication engine, or portions thereof, may also be utilized to store the data and logic steps needed to carry out authentication of a user using mobile user device.

812 810 801 801 812 810 812 803 The workspace automation applicationmay be run on the remote cloud serverand may comprise a web application-a client-server software application which runs in a web-browser of a client, such as one or more mobile user device. In another embodiment, mobile user devicecomprises a proprietary native mobile app in communication with workspace automation applicationrunning on remote cloud server. In yet another embodiment, the workspace automation applicationmay be run on one of the Control System Processor. The number and types of applications, software engines, and data storage areas may be varied and, as such, the specific arrangement discussed herein is presented primarily for descriptive purposes.

812 832 832 805 831 832 Workspace automation applicationmay comprise an event scheduling engine. The event scheduling enginemay be configured for allowing a user to preprogram setting user profiles, presents, scenes, building rules, and schedule of event of electronic devicesof the workspace automation system, as will be further described below. In other embodiments, control engineis configured for transmitting preprogrammed control commands generated by the event scheduling engine.

803 805 810 810 831 805 801 831 832 802 According to the aspects of the present embodiments, Control System Processorand/or electronic devicescommunicate with the remote cloud serverto receive various control commands. To that end, software engines of remote cloud servermay comprise a control engineconfigured to send at least one command to control the electronic devices. Control commands may comprise on-demand commands generated from mobile user device. For example, the at least one command may include a command to power on/off or dim a lighting device, control a touch panel, raise/lower the shades, power on/off or adjust the temperature of an HVAC system, enable/disable a security system, power on/off a sensor, power on/off a local computer, or the like. Depending upon implementation, other control commands are contemplated by the present embodiments. In other embodiments, control engineis configured for transmitting preprogrammed control commands generated by the event scheduling engine. For example, a scheduled event may generate control commands to turn lights off in the workspaceduring the end of business hours.

803 805 802 810 834 802 801 834 834 Additionally, Control System Processormay transmit status information of electronic devicesof workspace. Remote cloud servercan comprise a Building monitoring engineconfigured for monitoring the operation of the workspaceand providing this information on a mobile user device. Building monitoring enginemay be employed to provide real-time or live status information of resources of the building, such as environmental resources and conference room devices. As such, status information may be transmitted to the Building monitoring engineon-demand.

806 806 810 814 806 806 834 810 806 Additionally, status information may be collected and stored on the database. The databasecan be co-located with the remote cloud server, or it can be located remotely among different systems and locations. According to an alternative embodiment, nonvolatile storagefurther comprises Database. Databasemay include any one of numerous forms of storage devices and storage media, such as solid-state memory, magnetic memory, such as disc drives, and the like, and/or optical memory, such as DVD. Building monitoring engineof remote cloud servermay be configured to recall historic status information stored in the database.

814 836 810 802 801 836 802 802 802 836 802 In addition, nonvolatile storagemay comprise an Account engine. Remote cloud servermay be utilized to provide workspace automation and management services to a plurality of workspaces. In one embodiment, one or more workspaces, such as workspace, may be associated with an account. In another embodiment, one or more users may be associated with an account. In yet another embodiment, one or more mobile user devicemay be associated with an account. Account enginemay be configured to create such accounts and correlate data relevant to a particular workspace, such as workspace, in these accounts, including system status information of a workspace, as well as other data related to workspace. Account enginemay request a variety of data from a user during a registration process. For example, requests for data may include the workspace location, list of users who are permitted to access the workspace management system of workspace, and their names and passwords for registration purposes.

814 816 816 816 801 816 802 816 Nonvolatile storagemay further comprise authentication engine. Authentication enginecan verify various types of inputs, including biometrics, information about a 3D objects or scenes, authentication tokens, transactions, and out-of-band authentication requests. In one embodiment, authentication enginecan analyze and recognize objects from the 3D data captured by the LIDAR camera of mobile user device. In another embodiment, authentication enginecan analyze and recognize the topology of a scene at workspace. In an embodiment, authentication enginecan generate authentication challenges, such as one time PIN codes used for authentication.

816 840 801 840 801 816 840 In one embodiment, authentication enginecan include provisions for generating a token, encoding it into a QR-Code, transmitting it for display on a display screen of conferencing device, receiving the decoded token back from mobile user device, and after verifying the token selectively controlling the visibility of a three-dimensional authentication object embedded in conferencing device. The mobile user devicewould then be able to scan the three-dimensional authentication object and transmit it to authentication enginefor analysis and verification. As described above, all or a portion of conferencing devicedevice bezel cover is designed to selectively conceal a LIDAR readable three-dimensional object by varying its opacity employing electrochromic, photochromic, thermochromic, suspended particle, micro-blind, liquid crystal device, or the like

816 836 840 In one implementation, authentication enginecan ascertain that the authenticated user is given access to all resources the user is approved for. Thus, one function of this process can be linking with account engineto coordinate the username and password credentialing process at conferencing device. In one embodiment, this linking can trigger the three-dimensional authentication object authentication workflow described above, in which the user identity is verified and his/her account is accessed.

836 Account enginemay be further configured for providing user authentication to allow access to a particular account and workspace by checking the access of a user by maintaining a database listing access permissions for resources and users as identified by user IDs and passwords, for example.

81 833 833 810 833 801 Nonvolatile storagemay also include a user interface engine. The user interface enginemay be leveraged in association with one or more included software engines and data available in data storage areas to enable visual layout and presentation structure of the building management services provided by remote cloud server. User interface enginemay be configured to present the visual layout on mobile user device.

832 812 812 810 801 In one embodiment, the event scheduling engineof the workspace automation applicationmay comprise “Room Categories”, “Room States”, “Day Types”, “Day Patterns”, and “Calendar”. Workspace automation applicationmay be run on the remote cloud serveror rendered on mobile user deviceas a client-server software application.

803 810 812 803 812 803 In another embodiment, the control system processormay comprise similar configuration as remote cloud serverand the workspace automation applicationmay be run on a control system processoras an embedded web server which exposes a web interface. The functionality of the workspace automation applicationmay be exposed via a webpage from the device itself. In one embodiment, the users of the system will scan a QR-Code embedded URL and authentication token in order to log into the webpage and thereby be exposed to all functionality allowed by the control system processor.

802 802 806 810 806 810 803 Workspacemay comprise many rooms or workspace nodes each identifying a space or a room located within workspace. The nodes may be stored on databaseand accessed by the remote cloud server. Although the present description hereafter describes the room nodes as being recalled from databaseby remote cloud server, the present embodiments are not limited thereto. In another embodiment, the room nodes may be stored on a memory of a control system processor.

805 802 805 829 802 810 803 805 829 810 805 808 829 810 803 805 805 805 805 802 806 These room nodes may be organized in the memory in a tree topology, with the building as the root, floors as children, and individual spaces as sub-children. Each room node may be associated with one or more electronic devicesinstalled within the workspace. This can be accomplished by first performing a discovery process by discovering all the electronic devicesconnected to the local area networkwithin the workspace. The remote cloud servermay communicate to the Control System Processorto discover electronic devicesconnected to the local area network. In another embodiment, remote cloud servercan communicate directly with electronic devicesvia cloud networkand local area networkif, for example, these devices are in direct communication with the remote cloud serverwithout the use of Control System Processor. The discovery process may provide a list of electronic devices. Each electronic devicemay be identified by a unique ID, such as the device's serial number, as well as a model number, device name, device type, or the like. Each such electronic deviceis associated with a room node. For example, all electronic deviceslocated within a conference room may be associated with a conference room node. This association allows for monitoring and controlling the workspacespace by space. This association may be stored in database.

812 802 802 Using the workspace automation application, system user can classify these room nodes of workspaceby room type or “Room Categories,” i.e., for what the room or space is being used. This categorization allows all rooms or spaces falling under a specific category to operate in the same way without the need to create separate events for each room. For example, a single scheduling event may be created to turn the lights off in all rooms falling under a “conference room” category at the end of a business day. Room categories may include lobby, hallways, staircases, common areas, conference rooms, private offices, open offices, bathrooms, etc., in workspace, or kitchen, living room, bedrooms, bathrooms, etc., in a residential building. The “Room Categories” may comprise default room categories stored in a memory, or can comprise “Room Categories” generated or edited by a user. Room classification by room categories may be changed by the user at any time when the utilization of the space changes.

9 FIG. 9 FIG. 900 is a flowchart of an example process. In some implementations, one or more process blocks ofmay be performed by a device.

9 FIG. 9 FIG. 9 FIG. 9 FIG. 9 FIG. 900 902 900 904 900 906 900 908 900 910 As shown in, processmay include encoding data into a three-dimensional authentication object disposed behind a bezel cover of a conferencing device, where the bezel cover has at least two modes, a visible mode and a concealed mode, where when the bezel cover is in a visible mode, the three-dimensional authentication object is visible to a lidar scanner, and when the bezel cover is in a concealed mode, the three-dimensional authentication object is not visible to a lidar scanner (block). For example, device may encode data into a three-dimensional authentication object disposed behind a bezel cover of a conferencing device, where the bezel cover has at least two modes, a visible mode and a concealed mode, where when the bezel cover is in a visible mode, the three-dimensional authentication object is visible to a lidar scanner, and when the bezel cover is in a concealed mode, the three-dimensional authentication object is not visible to a lidar scanner, as described above. As also shown in, processmay include capturing an image of the three-dimensional authentication object using at least one security camera (block). For example, device may capture an image of the three-dimensional authentication object using at least one security camera, as described above. As further shown in, processmay include retrieving a form authentication token from the captured image (block). For example, device may retrieve a form authentication token from the captured image, as described above. As also shown in, processmay include accessing a networked workspace scheduling server using the form authentication token retrieved from the captured image (block). For example, device may access a networked workspace scheduling server using the form authentication token retrieved from the captured image, as described above. As further shown in, processmay include performing additional verification steps based on the information retrieved from the workspace scheduling server (block). For example, device may perform additional verification steps based on the information retrieved from the workspace scheduling server, as described above.

900 Processmay include additional implementations, such as any single implementation or any combination of implementations described below and/or in connection with one or more other processes described elsewhere herein. In a first implementation, when the bezel cover is in the visible mode, the transmission of visible light is enabled to allow a user interacting with the conferencing device to determine that the three-dimensional authentication object is visible.

In a second implementation, alone or in combination with the first implementation, the form authentication token is retrieved by an application installed on a mobile user device and utilizes the form authentication token associated with said mobile user device.

In a third implementation, alone or in combination with the first and second implementation, the bezel cover further may include a layer of electrochromic film that become opaque when de-energized and transparent when energized.

In a fourth implementation, alone or in combination with one or more of the first through third implementations, when the bezel cover may include a plurality of independently operable electrochromic shutters arranged over several LIDAR readable three-dimensional objects.

9 FIG. 9 FIG. 900 900 900 Althoughshows example blocks of process, in some implementations, processmay include additional blocks, fewer blocks, different blocks, or differently arranged blocks than those depicted in. Additionally, or alternatively, two or more of the blocks of processmay be performed in parallel.

10 FIG. 10 FIG. 1000 is a flowchart of an example process. In some implementations, one or more process blocks ofmay be performed by a device.

10 FIG. 10 FIG. 10 FIG. 10 FIG. 1000 1002 1000 1004 1000 1006 1000 1008 As shown in, processmay include Receiving input data from a mobile user device, said input data having a three-dimensional data object including physical parameters by which a user can be authenticated (block). For example, the device may receive input data from a mobile user device, said input data having a three-dimensional data object including physical parameters by which a user can be authenticated, as described above. As also shown in, processmay include Transmitting said input data from said mobile user device to a remote cloud server over a cloud network (block). For example, device may transmit said input data from said mobile user device to a remote cloud server over a cloud network, as described above. As further shown in, processmay include Comparing said input data received from said mobile user device with stored biometric information associated with said user (block). For example, the device may compare said input data received from said mobile user device with stored biometric information associated with said user, as described above. As also shown in, processmay include Authenticating said user if said input data matches said stored biometric information (block). For example, device may authenticate said user if said input data matches said stored biometric information, as described above.

1000 Processmay include additional implementations, such as any single implementation or any combination of implementations described below and/or in connection with one or more other processes described elsewhere herein. In a first implementation, said three-dimensional data object is captured by a camera of said mobile user device.

In a second implementation, alone or in combination with the first implementation, said three-dimensional data object includes biometric characteristics of a user.

In a third implementation, alone or in combination with the first and second implementation, said input data is transmitted by said mobile user device via a Uniform Resource Locator (URL) decoded from a QR-Code.

1000 A fourth implementation, alone or in combination with one or more of the first through third implementations, processmay include controlling one or more electronically controlled devices disposed in a workspace based on the authentication of said user.

10 FIG. 10 FIG. 1000 1000 1000 Althoughshows example blocks of process, in some implementations, processmay include additional blocks, fewer blocks, different blocks, or differently arranged blocks than those depicted in. Additionally, or alternatively, two or more of the blocks of processmay be performed in parallel.

11 FIG. 11 FIG. 1100 is a flowchart of an example process. In some implementations, one or more process blocks ofmay be performed by a device.

11 FIG. 11 FIG. 11 FIG. 11 FIG. 11 FIG. 11 FIG. 1100 1102 1100 1104 1100 1106 1100 1108 1100 1110 1100 1112 As shown in, processmay include providing a workspace management system, having remote cloud server, one or more mobile user devices, a plurality of controllable electronic devices associated with said workspace management system, and an authentication engine (block). For example, device may provide a workspace management system, having remote cloud server, one or more mobile user devices, a plurality of controllable electronic devices associated with said workspace management system, an authentication engine, as described above. As also shown in, processmay include receiving user input at said mobile user device (block). For example, device may receive user input at said mobile user device, as described above. As further shown in, processmay include authenticating user using said authentication engine (block). For example, device may authenticate user using said authentication engine, as described above. As also shown in, processmay include receiving command data from said authenticated user at said remote cloud server (block). For example, device may receive command data from said authenticated user at said remote cloud server, as described above. As further shown in, processmay include forwarding said command data to said electronic devices (block). For example, device may forward said command data to said electronic devices, as described above. As also shown in, processmay include controlling one or more said electronic devices in response to said command data (block). For example, device may control one or more said electronic devices in response to said command data, as described above.

1100 Processmay include additional implementations, such as any single implementation or any combination of implementations described below and/or in connection with one or more other processes described elsewhere herein. In a first implementation, said authenticating said user may include verifying user credentials using user input.

In a second implementation, alone or in combination with the first implementation, said verification step may include performing multifactor authentication of user credentials, where said authentication may include three-dimensional data objects.

In a third implementation, alone or in combination with the first and second implementation, said authenticating step further may include biometric authentication of user credentials.

11 FIG. 11 FIG. 1100 1100 1100 Althoughshows example blocks of process, in some implementations, processmay include additional blocks, fewer blocks, different blocks, or differently arranged blocks than those depicted in. Additionally, or alternatively, two or more of the blocks of processmay be performed in parallel.

12 FIG. 12 FIG. 1200 is a flowchart of an example process. In some implementations, one or more process blocks ofmay be performed by a device.

12 FIG. 12 FIG. 12 FIG. 12 FIG. 12 FIG. 12 FIG. 12 FIG. 12 FIG. 1200 1202 1200 1204 1200 1206 1200 1208 1200 1210 1200 1212 1200 1214 1200 1216 As shown in, processmay include providing a conferencing device having an embedded system (block). For example, device may provide a conferencing device having an embedded system, as described above. As also shown in, processmay include encoding a three-dimensional object with additional information (block). For example, device may encode a three-dimensional object with additional information, as described above. As further shown in, processmay include disposing the three-dimensional object beneath an electrochromic bezel cover coupled to the conferencing device (block). For example, the device may dispose the three-dimensional object beneath an electrochromic bezel cover coupled to the conferencing device, as described above. As also shown in, processmay include displaying a QR-code on the conferencing device (block). For example, the device may display a QR-code on the conferencing device, as described above. As further shown in, processmay include receiving additional authorization information via a mobile user communication device that scans the displayed QR-code and transmits the received additional information to a networked workspace scheduling server (block). For example, device may receive additional authorization information via a mobile user communication device that scans the displayed QR-code and transmits the received additional information to a networked workspace scheduling server, as described above. As also shown in, processmay include utilizing the information transmitted to the networked workspace scheduling server to initiate an additional authentication workflow if necessary (block). For example, device may utilize the information transmitted to the networked workspace scheduling server to initiate an additional authentication workflow if necessary, as described above. As further shown in, processmay include progressively varying the opacity of the electrochromic bezel cover to reveal the three-dimensional object (block). For example, device may progressively vary the opacity of the electrochromic bezel cover to reveal the three-dimensional object, as described above. As also shown in, processmay include scanning the revealed three-dimensional object using an optical scanner in communicative connection with the conferencing device to obtain the additional information associated with the three-dimensional object (block). For example, device may scan the revealed three-dimensional object using an optical scanner in communicative connection with the conferencing device to obtain the additional information associated with the three-dimensional object, as described above.

12 FIG. 12 FIG. 1200 1200 1200 Althoughshows example blocks of process, in some implementations, processmay include additional blocks, fewer blocks, different blocks, or differently arranged blocks than those depicted in. Additionally, or alternatively, two or more of the blocks of processmay be performed in parallel.

In addition, implementations of the present disclosure can make use of any of the features, systems, components, devices, and methods described in

In some examples, a hardware module may be implemented mechanically, electronically, or with any suitable combination thereof. For example, a hardware module may include dedicated circuitry or logic that is configured to perform certain operations. For example, a hardware module may include a special-purpose processor, such as a field-programmable gate array (FPGA) or an Application Specific Integrated Circuit (ASIC). A hardware module may also include programmable logic or circuitry that is temporarily configured by software to perform certain operations, and may include a portion of machine-readable medium data and/or instructions for such configuration. For example, a hardware module may include software encompassed within a programmable processor configured to execute a set of software instructions. It will be appreciated that the decision to implement a hardware module mechanically, in dedicated and permanently configured circuitry, or in temporarily configured circuitry (for example, configured by software) may be driven by cost, time, support, and engineering considerations.

Accordingly, the phrase “hardware module” should be understood to encompass a tangible entity capable of performing certain operations and may be configured or arranged in a certain physical manner, be that an entity that is physically constructed, permanently configured (for example, hardwired), and/or temporarily configured (for example, programmed) to operate in a certain manner or to perform certain operations described herein. As used herein, “hardware-implemented module” refers to a hardware module. Considering examples in which hardware modules are temporarily configured (for example, programmed), each of the hardware modules need not be configured or instantiated at any one instance in time. For example, where a hardware module includes a programmable processor configured by software to become a special-purpose processor, the programmable processor may be configured as respectively different special-purpose processors (for example, including different hardware modules) at different times. Software may accordingly configure a particular processor or processors, for example, to constitute a particular hardware module at one instance of time and to constitute a different hardware module at a different instance of time. A hardware module implemented using one or more processors may be referred to as being “processor implemented” or “computer implemented.”

Hardware modules can provide information to, and receive information from, other hardware modules. Accordingly, the described hardware modules may be regarded as being communicatively coupled. Where multiple hardware modules exist contemporaneously, communications may be achieved through signal transmission (for example, over appropriate circuits and buses) between or among two or more of the hardware modules. In implementations in which multiple hardware modules are configured or instantiated at different times, communications between such hardware modules may be achieved, for example, through the storage and retrieval of information in memory devices to which the multiple hardware modules have access. For example, one hardware module may perform an operation and store the output in a memory device, and another hardware module may then access the memory device to retrieve and process the stored output.

In some examples, at least some of the operations of a method may be performed by one or more processors or processor-implemented modules. Moreover, the one or more processors may also operate to support performance of the relevant operations in a “cloud computing” environment or as a “software as a service” (SaaS). For example, at least some of the operations may be performed by, and/or among, multiple computers (as examples of machines including processors), with these operations being accessible via a network (for example, the Internet) and/or via one or more software interfaces (for example, an application program interface (API)). The performance of certain of the operations may be distributed among the processors, not only residing within a single machine, but deployed across a number of machines. Processors or processor-implemented modules may be located in a single geographic location (for example, within a home or office environment, or a server farm), or may be distributed across multiple geographic locations.

What has been described and illustrated herein is an example along with some of its variations. The terms, descriptions and figures used herein are set forth by way of illustration only and are not meant as limitations. Many variations are possible within the spirit and scope of the subject matter, which is intended to be defined by the following claims, and their equivalents, in which all terms are meant in their broadest reasonable sense unless otherwise indicated.

While various implementations have been described, the description is intended to be exemplary, rather than limiting, and it is understood that many more implementations and implementations are possible that are within the scope of the implementations. Although many possible combinations of features are shown in the accompanying figures and discussed in this detailed description, many other combinations of the disclosed features are possible. Any feature of any implementation may be used in combination with or substituted for any other feature or element in any other implementation unless specifically restricted. Therefore, it will be understood that any of the features shown and/or discussed in the present disclosure may be implemented together in any suitable combination. Accordingly, the implementations are not to be restricted except in light of the attached claims and their equivalents. Also, various modifications and changes may be made within the scope of the attached claims.

Except as stated immediately above, nothing that has been stated or illustrated is intended or should be interpreted to cause a dedication of any component, step, feature, object, benefit, advantage, or equivalent to the public, regardless of whether it is or is not recited in the claims.

It will be understood that the terms and expressions used herein have the ordinary meaning as is accorded to such terms and expressions with respect to their corresponding respective areas of inquiry and study except where specific meanings have otherwise been set forth herein. Relational terms such as first and second and the like may be used solely to distinguish one entity or action from another without necessarily requiring or implying any actual such relationship or order between such entities or actions. The terms “comprises,” “comprising,” or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. An element proceeded by “a” or “an” does not, without further constraints, preclude the existence of additional identical elements in the process, method, article, or apparatus that comprises the element.

The scope of the present disclosure includes any feature or combination of features disclosed herein (either explicitly or implicitly), or any generalization thereof, whether or not it mitigates any or all of the problems addressed herein. Accordingly, new claims may be formulated during prosecution of this application (or an application claiming priority thereto) to any such combination of features. In particular, with reference to the appended claims, features from dependent claims may be combined with those of the independent claims and features from respective independent claims may be combined in any appropriate manner and not merely in the specific combinations enumerated in the appended claims.

The present disclosure further contemplates that the entities responsible for the collection, analysis, disclosure, transfer, storage, or other use of such personal information data will comply with well-established privacy policies and/or privacy practices. In particular, such entities should implement and consistently use privacy policies and practices that are generally recognized as meeting or exceeding industry or governmental requirements for maintaining personal information data private and secure. For example, in the case of matching biometric snapshots to the first user identity, personal information from users should be collected for legitimate and reasonable uses of the entity and not shared or sold outside of those legitimate uses. Further, such collection should occur only after receiving the informed consent of the users. Additionally, such entities would take any needed steps for safeguarding and securing access to such personal information data and ensuring that others with access to the personal information data adhere to their privacy policies and procedures. Further, such entities can subject themselves to evaluation by third parties to certify their adherence to widely accepted privacy policies and practices.

The Abstract of the Disclosure is provided to allow the reader to quickly ascertain the nature of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims. In addition, in the foregoing Detailed Description, it can be seen that various features are grouped together in various examples for the purpose of streamlining the disclosure. This method of disclosure is not to be interpreted as reflecting an intention that the claims require more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive subject matter lies in less than all features of a single disclosed example. Thus, the following claims are hereby incorporated into the Detailed Description, with each claim standing on its own as a separately claimed subject matter.